Hello from all of us here at Sysdig! This month we are especially happy to announce the new eBPF instrumentation support for Sysdig and Falco along with lots of exciting news in the container space.
So here it is again: a monthly newsletter to share the latest happenings in the container ecosystem across vendors and open source projects like Docker, Kubernetes, DC/OS Mesos, Openshift, etc.
We hope you enjoy this! Ping us at @sysdig or on our open source Sysdig Slack group to share anything you feel should be included in future newsletters; we look forward to your contributions! You can also find previous newsletter editions in the Container Newsletter archive.
Sign up for our monthly Cloud-native News.
SECURITY
The state of open source security – 2019
Our friends at Snyk have compiled a yearly overview of the state of open source security including stats and trends. Don’t miss the container security section.
Introducing Anchore policy hub
Using the policy mechanisms of Anchore, users can define different checks, whitelists, and mappings. The Anchore policy hub will provide a public policy repository for the community.
Kubernetes Pod Security Policy with kube-psp-advisor
Kube-psp-advisor is a tool to automate and enable a Kubernetes Pod Security Policy across your cluster, allowing you to define adaptive and fine-grained security policies.
Docker and Kubernetes in high security environments
A brief summary of a master's thesis on containerized application isolation, based on a real set of production requirements, with the Swedish Police Authority as the target client.
SYSDIG
Announcing Sysdig Secure 2.3
Sysdig Secure 2.3 is heavily invested in hardening the compliance posture of Kubernetes, Docker configurations, and container images following the NIST 800-190 and PCI frameworks.
Sysdig and Falco now powered by eBPF
Sysdig now supports eBPF as an alternative to our Sysdig kernel module-based architecture. We are excited to share more details about our integration and the inner workings of eBPF.
The art of writing eBPF programs
Continuing with the same theme, we want to break down the process of writing eBPF programs for you. Our eBPF exercises are entirely example-driven; try this at home!
Sysdig and IBM to collaborate on IBM Cloud
At IBM Think 2019 we announced our joint effort with IBM to support the Sysdig Cloud-Native Intelligence Platform on IBM Cloud Private and IBM Multicloud Manager.
Join our latest security session, “4 best practices to meet compliance requirements in Kubernetes environments” (http://info.sysdig.com/a0000R00fQ0h00BTmZEI4th).
You can see other upcoming Sysdig sessions here.
KUBERNETES
Managing Kubernetes with Kapitan
Kapitan is a tool to template files, originally created to manage Kubernetes-based deployments. Take your first steps with the tool by running the linked Katacoda course! Nice one.
K3S, lightweight Kubernetes
A bold proposal by Rancher Labs, K3S is a fully compliant production-grade Kubernetes, trimmed down to just a binary file under 40 MB and optimized for small hardware appliances.
Mastering the kubeconfig file
If you interact with Kubernetes on a daily basis, mastering the caveats and advanced details of your kubeconfig file will boost your efficiency, optimizing tasks like switching cluster contexts.
Migrating from ECS to EKS
AskAttest engineering embarked on a Kubernetes cluster migration from ECS to EKS. Linkerd helped smooth the transition by connecting services running in different clusters.
Pimp my Kubernetes shell
Have you ever been staring at the terminal but don’t remember which Kubernetes cluster it is set up for? Multiple terminal windows for multiple Kubernetes clusters? Let’s fix it already.
Kubernetes storage performance comparison
There are plenty of storage solutions to choose from when you configure Kubernetes. Look at this basic performance comparison between the most common storage technologies.
Prioritize workloads in overcommitted clusters
The Kubernetes Horizontal Pod Autoscaler enables automated pod scaling, which is nice, but it can lead to unpredictable load on the cluster. How do you prioritize which workloads need to run?
Viewing logs in Kubernetes
A useful cheatsheet covering the different arguments, filters and selectors available for the “kubectl logs” subcommand.
How to choose your Kubernetes ingress controller
We have discussed how to deploy different Kubernetes ingress controllers before, but do you know which one best suits your requirements and current deployment?
DOCKER
Top 5 features of Docker engine v18.09.1
This new release of the Docker engine brings exciting features like process isolation on Windows 10, access to the Docker daemon over SSH, and Docker Compose on Kubernetes.
Docker stack deploy: update configs and secrets
In Swarm mode, configs and secrets are immutable objects with unique names, and there is no way to mutate their contents. There is a simple workaround for this limitation; follow these steps.
Bash functions as a service
Serverless and FaaS (Functions as a Service) have been a hot topic over the last few months. What about using Docker to encapsulate Bash functions and learning FaaS in the process?
Data in Docker
Volumes can be used to persist data in Docker. Here is a cheatsheet with all the commands that you need to create, inspect or delete a volume, along with useful tips and caveats.
OPENSHIFT & MESOS
OpenShift 4: A NoOps platform
OpenShift 4 is coming, and one of the main goals behind it is to hide or minimize the operational burden on the developer (NoOps). What distinguishes OpenShift 4 from its predecessors?
OpenShift 4 install experience
One of the first experiences that you will probably have with the new platform is, of course, the installation. Conveniently, the OpenShift 4 platform comes with a new installation tool.
How and why OpenShift 4.0 is changing its deployment topology
Red Hat OpenShift Container Platform is changing the way that clusters are installed, and the way those resulting clusters are structured. Learn the rationale behind this change.
Announcing Kudo – A declarative approach to Kubernetes operators
Kudo (formerly named Maestro) provides a declarative approach to building production-grade Kubernetes Operators covering the entire application lifecycle, including “day 2” operations.